NGINX-ingress

From WilliamsNet Wiki
Jump to navigation Jump to search

NGINX 'Official' Ingress Controller[edit]

When researching the methods to install the NGINX Ingress Controller, I found many varied and somewhat conflicting methods and manifests. Eventually, I found the 'official' github repo from the NGINX team.

I used the manifests and instructions from this repo mostly intact. Full installation instructions are located online.

  1. ns-and-sa.yaml -- creates the namespace and serviceaccount
  2. I manually created the SSL certificate secret (after creating a self-signed certificate) instead of using their manifest 
    kubectl create secret tls default-server-secret --cert=ingress.crt --key=ingress.key -n nginx-ingress
  3. nginx-config.yaml - creates the configmap for providing configuration options (not used ... yet )
  4. rbac.yaml - creates the appropriate roles and rolebindings
  5. nginx-ingress.yaml -- I used the deployment version ... don't think there will be a need for using a daemonset
  6. loadbalancer.yaml - creates the loadbalancer service that gives an external IP address for the controller.
    • NOTE: I had to comment out the 'externalTrafficPolicy' parameter for the service, as it caused erratic behavior when accessing the controller

At this point, you have a fully functional ingress controller that responds on both http and https ports ... and provides its own default page for 'resources not found'

The manifests and files are checked into the GitLab k8s-admin repository in the directory 'nginx-ingress-controller'

The repo for this controller is cloned into: 

/workspace/outside-repos/kubernetes-ingress

Kubernetes Ingress Controller[edit]

This ingress controller is also labeled as 'nginx', though it diverges in features from the 'official' version. It is, however, more flexible than the NGINX version through its ability to route arbitrary ports to services, not just 80 and 443 using HTTP/HTTPS protocols. This is done by specifying the map from port to service in a configMap (and adding the ports to the exposing service), which makes it less 'generic' than it should, and forces you to modify the base controller deployment instead of just providing the Ingress like it is supposed to work.

This version of the ingress controller is housed in this github repo.

The manifest that deploys the ingress controller is in the file deploy/mandatory.yaml ... it creates everything needed including the namespace, RBAC stuff, default backend, and the controller deployment. I added the --update-status parameter, just to see what happened, but that is the only change.

To expose the controller, you need to provide a LoadBalancer service: 

kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app: ingress-nginx
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  selector:
    app: ingress-nginx
  ports:
  - name: http
    port: 80
    targetPort: http
  - name: https
    port: 443
    targetPort: https

One like this is included in deploy/provider/cloud-generic.yaml.

This needs to be done in the namespace of the controller (ingress-nginx) so it can select the controller ... but it will need to be modified if additional ports are proxied.

The repo for this controller is cloned into: 

/workspace/outside-repos/ingress-nginx
Retrieved from "http://wiki.williams-net.org/index.php?title=NGINX-ingress&oldid=27"